Bug #64243 Database where log tables are written should be configurable
Submitted: 6 Feb 2012 19:18 Modified: 6 Feb 2012 19:40
Reporter: Peter Laursen (Basic Quality Contributor) Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Options Severity:S2 (Serious)
Version:any OS:Any
Assigned to: CPU Architecture:Any
Tags: qc

[6 Feb 2012 19:18] Peter Laursen
Description:
Referring:

1) http://bugs.mysql.com/bug.php?id=64215 where I was asked to create a separate report

2) http://www.webyog.com/blog/2012/02/03/log-security-and-log-tables/

When logging to files you may specify where log files are saved.  On the opposite there is no way to specify a database for log tables.  This is inconsistent.  I also consider it a security flaw as long as "SHOW GRANTS requires the SELECT privilege for the mysql database." (and I will not be surprised if SELECT privilege for the mysql database is required for other operations as well).  

You could very well have scenarios/deployments where users with SELECT privilege to the mysql database should not be allowed to read logs (because sensitive data may appear in logs).

How to repeat:
See above.

Suggested fix:
One of two (or both):

1) Make SHOW GRANTS dependent on SELECT to privileges *tables* only (and not to the mysql database per se)

2) Provide an option (and global_variable) that defines the database where table-based logs are stored.

(Setting as S2 - because that is my opinion and not S4! :-) )